Use this Handle URI to cite this item:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/26680
Title: | An Effective Proactive Malware Collector (高效率主動式惡意軟體蒐集系統) |
Author: | Yuan-Tao Li (李遠濤) |
Advisor: | Sy-Yen Kuo (郭斯彥) |
Keywords: | Security, viruses and worms, malware collection |
Publication year: | 2008 |
Degree: | Master's |
Abstract: | Internet services have become an essential part of everyday life, and malware spreads across them ever faster: large numbers of new and variant viruses appear continuously, and their techniques keep improving. Viruses that run as rootkits hide inside the system, disguising their network activity, registry keys, processes and every other item that might warn a user that malicious code is present, so that an ordinary user cannot tell the machine is infected. MSN worms exploit social relationships to lower users' guard and spread at a geometric rate. Virus researchers therefore urgently need to obtain large numbers of samples of every kind of malware, and especially of the new viruses currently spreading in the wild, quickly enough to analyse them and keep pace with the growing threat: the better and sooner we know what is spreading, the better our defences can be.

This thesis presents the Proactive Malware Collector, a tool that proactively connects to compromised websites and automatically extracts the infected samples. In brief, we obtain a list of compromised websites and browse each one in an unmodified Windows environment running in a virtual machine, which gives excellent emulation accuracy. After each visit we capture the files that were created or modified, then filter them to find the ones that may be infected and hand those over for in-depth analysis. To detect the files that virus activity produces, the tool compares file activity at the virtual machine's storage layer, beneath the guest, rather than instrumenting Windows itself, so the capture is difficult for the malware to notice. Obtaining links, browsing and filtering are all automated. These properties make the Proactive Malware Collector an ideal tool for automatically collecting large numbers of malware samples. |
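The abstract's core step is a before/after comparison of the guest's files around a single visit to a suspect URL, followed by a filter that keeps only plausible malware. The following Python is an added illustration of that host-side diff-and-filter logic, not the thesis's own code: it inventories a file tree, diffs two inventories, and applies assumed heuristics (suspect extensions, a PE `MZ` magic check, directory-name hints). The fake guest tree and the "visit" side effects are constructed inline so the example runs offline; the thesis itself observed the real virtual disk beneath an unmodified Windows guest.

```python
"""Snapshot-diff file collector (added illustration, not the thesis's code).

Models the collector's host-side step: take a file inventory of the guest's
disk before browsing a suspect URL, take another after, diff the two to find
files created or modified by the visit, then keep only plausible malware
candidates. All filters and paths here are assumptions for illustration.
"""
import hashlib
import tempfile
from pathlib import Path

# Assumed filter: extensions that droppers commonly write (illustrative list).
SUSPECT_EXTENSIONS = {".exe", ".dll", ".scr", ".sys", ".vbs", ".bat", ".js"}
# Assumed filter: directory names suggesting persistence or a cache drop.
SUSPECT_DIR_HINTS = ("startup", "system32", "temp")
PE_MAGIC = b"MZ"


def snapshot(root: Path) -> dict:
    """Inventory every regular file under root: relative POSIX path -> sha256 hex."""
    inventory = {}
    for path in root.rglob("*"):
        if path.is_file():
            h = hashlib.sha256()
            with path.open("rb") as f:
                for chunk in iter(lambda: f.read(1 << 16), b""):
                    h.update(chunk)
            inventory[path.relative_to(root).as_posix()] = h.hexdigest()
    return inventory


def diff_snapshots(before: dict, after: dict) -> dict:
    """Classify changes between two inventories; deletions are reported, not collected."""
    created = sorted(p for p in after if p not in before)
    modified = sorted(p for p in after if p in before and after[p] != before[p])
    deleted = sorted(p for p in before if p not in after)
    return {"created": created, "modified": modified, "deleted": deleted}


def is_candidate(root: Path, rel_path: str) -> bool:
    """Heuristic filter: keep executables by extension, by PE magic, or by location."""
    path = root / rel_path
    if path.suffix.lower() in SUSPECT_EXTENSIONS:
        return True
    with path.open("rb") as f:
        if f.read(2) == PE_MAGIC:  # PE image regardless of its extension
            return True
    lowered = rel_path.lower()
    return any(hint in lowered for hint in SUSPECT_DIR_HINTS)


def collect(root: Path, before: dict, after: dict) -> list:
    """Files touched by the visit that pass the candidate filter, sorted by path."""
    changes = diff_snapshots(before, after)
    touched = changes["created"] + changes["modified"]
    return sorted(p for p in touched if is_candidate(root, p))


def demo() -> list:
    """Constructed scenario: a fake guest tree, a simulated visit, then the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Windows/System32").mkdir(parents=True)
        (root / "Users/alice/Cookies").mkdir(parents=True)
        (root / "Windows/System32/kernel32.dll").write_bytes(b"MZ" + b"\0" * 64)
        (root / "Users/alice/Cookies/index.dat").write_bytes(b"cookie-index-v1")
        before = snapshot(root)

        # Simulated side effects of browsing a compromised site (constructed bytes, not malware):
        (root / "Users/alice/Cookies/site.txt").write_bytes(b"session=abc")           # benign new file
        (root / "Users/alice/Cookies/index.dat").write_bytes(b"cookie-index-v2")      # benign modification
        (root / "Windows/System32/svch0st.exe").write_bytes(b"MZ" + b"\x90" * 64)     # dropped PE
        (root / "Users/alice/Cookies/payload.dat").write_bytes(b"MZ" + b"\x00" * 16)  # PE with odd extension
        (root / "Windows/System32/kernel32.dll").write_bytes(b"MZ" + b"\xcc" * 64)    # patched system file
        after = snapshot(root)
        return collect(root, before, after)


if __name__ == "__main__":
    for sample in demo():
        print("candidate:", sample)
```

Running the demo reports the dropped `svch0st.exe`, the patched `kernel32.dll` and the `MZ`-headed `payload.dat`, while the cookie-cache noise is filtered out. In a real deployment the inventory would be taken from the virtual disk image rather than from inside the guest, as the thesis describes, so that the Windows installation stays unmodified.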
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/26680 |
Full text access: | Not authorized |
Appears in collections: | Graduate Institute of Networking and Multimedia |
Files in this item:
File | Size | Format |
---|---|---|
ntu-97-1.pdf (currently not authorized for public access) | 337.38 kB | Adobe PDF |
Items in the system are protected by copyright, with all rights reserved, unless otherwise indicated.